Changeset 65f6442 for fedd


Ignore:
Timestamp:
Sep 20, 2011 11:06:44 AM (13 years ago)
Author:
Ted Faber <faber@…>
Branches:
compt_changes, info-ops, master
Children:
1e9331e
Parents:
5954004
Message:

Move to lib creddy. Closes #22

File:
1 edited

Legend:

Unmodified
Added
Removed
  • fedd/fedd_create.py

    r5954004 r65f6442  
    66
    77import ABAC
     8import Creddy
    89
    910from string import join, ascii_letters
     
    102103            }
    103104
    104 def delegate(fedid, cert, dir, name=None, debug=False,
    105         creddy='/usr/local/bin/creddy'):
     105def delegate(fedid, cert, dir, name=None, debug=False):
    106106    '''
    107107    Make the creddy call to create an attribute delegating rights to the new
     
    127127            id_fn = '%s/%s_id.pem' % (dir, expid)
    128128
    129         cmd = [creddy, '--attribute', '--issuer=%s' % certfile,
    130                 '--key=%s' % keyfile,
    131                 '--role=acting_for', '--subject-id=%s' % expid,
    132                 '--out=%s' % fn ]
    133         if not debug:
    134             if subprocess.call(cmd) != 0:
    135                 print >>sys.stderr, "Cannot delegate, things may fail"
    136                 return []
    137         else:
    138             print join(cmd)
     129        try:
     130            cid = Creddy.ID(certfile)
     131            cid.load_privkey(keyfile)
     132            cattr = Creddy.Attribute(cid, 'acting_for', 3600 * 24 * 365 * 10)
     133            cattr.principal("%s" % expid)
     134            cattr.bake()
     135            cattr.write_name(fn)
     136        except RuntimeError:
     137            print >>sys.stderr, "Cannot create ABAC delegation. " + \
     138                    "Did you run cert_to_fedid.py on your X.509 cert?"
    139139            return []
    140140
     
    142142        if context.load_id_file(certfile) != ABAC.ABAC_CERT_SUCCESS or \
    143143                context.load_attribute_file(fn) != ABAC.ABAC_CERT_SUCCESS:
    144             print >>sys.stderr, "Cannot load delegation into ABAC. " + \
     144            print >>sys.stderr, "Cannot load delegation into ABAC context. " + \
    145145                    "Did you run cert_to_fedid.py on your X.509 cert?"
    146146            return []
Note: See TracChangeset for help on using the changeset viewer.